Corruption Threat: Foreign Intelligence

It is the experience of Malkara Consulting that when discussing corruption with clients or colleagues, they regard the crime as being solely committed by organisations or individuals against other organisations or governments.  They have never viewed it as being an act committed by Governments against organisations and other governments.  Government arms involved in state sanctioned corruption usually include police and intelligence agencies. 

When Malkara Consulting examined the anti-bribery and corruption program of a client recently, we were surprised and in some instances shocked, at their poor level of understanding about the threat posed by intelligence agencies. 

The ultimate target of an intelligence agency is information.  And in this information age, data is power. And the loss of it can have serious consequences for an organisation.  Private sector organisations are a treasure trove of information that competitors and governments strive to get their hands on.  Foreign intelligence services know that the political and military opponents of their country use private services to operate.  They shop, they travel and they use financial services.   And in doing so, provide important data about themselves, their family members and any business they operate in, to a private organisation. 

And it is not just personal data that a foreign intelligence agency seeks.  Industrial spying is carried out on a significant scale by governments against the private sector.  The theft of industrial, scientific and commercial information enables countries to grow and remain competitive.  Successful Government intelligence agencies who have stolen important information provide it to companies in their country to enable those organisations to retain or acquire a competitive edge.

Organisations use a variety of techniques to protect their information much of it is technology based.  But they ignore the single biggest weakness in any defences against corruption undertaken by any entity and that is people. 

Readers would recall the 2007 theft of client name information by Sina Lapour, from Credit Suisse, which he provided to the German tax office via a middle man.  Or Heinrich Kieber, who stole thousands of customer files from LGT Group, a Liechtenstein bank and sold it to the BND, Germany’s intelligence service.

While the banks involved and other financial institutions have tightened their staff selection and deployment processes, with only entrusting long serving employees with sensitive customer information, other financial and non-financial institutions have not. 

Outsourcing of services to third party providers increases the risk of penetration by foreign intelligence services.  The most common service outsourced is IT, security and in some instances the human resource portfolio.  The services are often provided by foreign companies.  When assessing the risk of one client, we were alarmed at how employees of a contractor who had responsibility for maintaining the IT system; were allowed free unrestricted unsupervised access to most areas. The IT firm involved had been linked to working with a foreign intelligence service. 

Every bit of data helps a foreign intelligence service advance its objectives.  All the pieces matter in the intelligence collection game.  Once they discover a vulnerability, it is exploited.  And if the vulnerability is a person, then they will use a variety of methods to cultivate that person, including grooming techniques.  All employees, contractors and third-party providers are vulnerable if they are not trained in how to identify if they are being groomed and the threat posed by foreign intelligence organisations.

Information gathering operations undertaken by an intelligence agency are sanctioned by the Government owning it and given legislative protection.  For example, the UK Bribery Act which is the international standard setter in anti-bribery and corruption law, contains a provision protecting its intelligence service and those who work for it.  Under Section 13 of that Act, it is a defence to a bribery offence if that person establishes that their conduct was necessary for the proper exercise of any function of an intelligence service.  The Act applies to any person or organisation that has a close connection with the UK. 

The question therefore, is how many UK citizens working in the banking, insurance, logistics and shipping industries in offshore jurisdictions such as Hong Kong, Dubai or Singapore are working for MI6?  The UK Bribery Act protects them from prosecution at least under UK law; while they undertake espionage on behalf of the UK Government.  And how many foreign citizens working around the world in commerce, trade, financial sector or education and research, work for a foreign intelligence service? If they are, they are engaging in corruption and violating local anti-bribery and corruption laws.

Recruiting expatriates in offshore jurisdictions to undertake spying activities, a form of internal corruption if used against their employer or client is easier to achieve than corrupting a local person.

Organisations employing foreign residents or foreign companies, whose loyalty lies with a foreign country, need to have enhanced know-your employee/contractor procedures in place, otherwise sensitive information is vulnerable to exploitation.   

Malkara Consulting is holding a 2 day workshop in Singapore on 16 and 17 of October 2017 to arm equip people and organisations and individuals on how to protect reduce their susceptibility vulnerability to bribery and corruption. The workshopis  will offer greater protection than any ABC program based on compliance with local and international law can. Go to our events page to find out more.